From 982d5dcf55305f8c7d18b14e612075b61965ea83 Mon Sep 17 00:00:00 2001
From: Torsten Oppermann <torsten@sgalinski.de>
Date: Tue, 18 Sep 2018 10:02:11 +0200
Subject: [PATCH] [TASK] Implemented security check

---
 Classes/Service/RegisterService.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/Classes/Service/RegisterService.php b/Classes/Service/RegisterService.php
index e4ffc435..fe0a7a3f 100644
--- a/Classes/Service/RegisterService.php
+++ b/Classes/Service/RegisterService.php
@@ -139,7 +139,16 @@ class RegisterService implements \TYPO3\CMS\Core\SingletonInterface {
 					continue;
 				}
 
-				// @TODO SECURITY CHECK WITH HASH
+				// get file name without folders
+				$pathAsArray = GeneralUtility::trimExplode('/', $pathToRegistrationFile);
+				$filename = $pathAsArray[\count($pathAsArray)-1];
+				$filenameWithoutHash = GeneralUtility::trimExplode('_', $filename)[1];
+				$hash = md5($GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'] . '|' . $filenameWithoutHash);
+				// if the filename doesnt start with the hash value, ignore it
+				if (strpos($filename, $hash) !== 0) {
+				   continue;
+				}
+
 				$configArray = (include $pathToRegistrationFile);
 
 				$extensionKey = $configArray['extension_key'];
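Review bot: The value computed on the `md5(...)` line authenticates only one segment of the file name, using a secret-prefix MD5 rather than a keyed MAC, so the guard in front of `include $pathToRegistrationFile` is weaker than the "security check" title implies. `trimExplode('_', $filename)[1]` takes only the second `_`-separated piece, so a name with further underscores is only partly covered and a name with no underscore reads an undefined index. The file's contents are not covered at all, so a validly named file that is modified later is still executed. I would split once, derive the value with `GeneralUtility::hmac()` and compare the whole first segment with `hash_equals()`, as in the excerpt below; the code that writes these files is outside the hunk and would have to produce the same value. The enclosing loop and method begin and end outside the hunk.

```php
				// … unchanged: earlier checks in the loop body …
				$filename = basename($pathToRegistrationFile);
				// split once, so everything after the first underscore is authenticated
				$parts = explode('_', $filename, 2);
				if (\count($parts) !== 2) {
					continue;
				}
				$expectedHash = GeneralUtility::hmac($parts[1]);
				// the whole prefix must equal the MAC, not merely begin with it
				if (!hash_equals($expectedHash, $parts[0])) {
					continue;
				}

				$configArray = (include $pathToRegistrationFile);
```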
-- 
GitLab